Following the recent security alerts that I reported on here and there, concerning a resurgence of "SQL injection" attacks, the Microsoft Security Response Center announces the availability of 3 new tools allowing users to prevent these attacks.

They are:

  • UrlScan 3.0 Beta (see Wade Hilmo's blog for more), a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests.
  • Microsoft Source Code Analyzer for SQL Injection (MSCASI) CTP (see the SQL Security blog for more), a tool that can be used to detect ASP code susceptible to SQL injection attacks.
  • Scrawlr (see HP's security blog for more), a free scanner, developed by HP Web Security Research Group in conjunction with Microsoft, which will allow customers to identify whether their Web sites might be susceptible to SQL injection.
